+
+/*
+ * @implemented
+ */
+NTSTATUS
+STDCALL
+IoCreateDriver (
+ IN PUNICODE_STRING DriverName, OPTIONAL
+ IN PDRIVER_INITIALIZE InitializationFunction
+ )
+{
+ WCHAR NameBuffer[100];
+ USHORT NameLength;
+ UNICODE_STRING LocalDriverName; /* To reduce code if no name given */
+ NTSTATUS Status;
+ OBJECT_ATTRIBUTES ObjectAttributes;
+ ULONG ObjectSize;
+ PDRIVER_OBJECT DriverObject;
+ UNICODE_STRING ServiceKeyName;
+ HANDLE hDriver;
+ ULONG i;
+
+ /* First, create a unique name for the driver if we don't have one */
+ if (!DriverName) {
+
+ /* Create a random name and set up the string*/
+ NameLength = swprintf(NameBuffer, L"\\Driver\\%08u", KeTickCount);
+ LocalDriverName.Length = NameLength * sizeof(WCHAR);
+ LocalDriverName.MaximumLength = LocalDriverName.Length + sizeof(UNICODE_NULL);
+ LocalDriverName.Buffer = NameBuffer;
+
+ } else {
+
+ /* So we can avoid another code path, use a local var */
+ LocalDriverName = *DriverName;
+ }
+
+ /* Initialize the Attributes */
+ ObjectSize = sizeof(DRIVER_OBJECT) + sizeof(DRIVER_EXTENSION);
+ InitializeObjectAttributes(&ObjectAttributes,
+ &LocalDriverName,
+ OBJ_PERMANENT | OBJ_CASE_INSENSITIVE,
+ NULL,
+ NULL);
+
+ /* Create the Object */
+ Status = ObCreateObject(KernelMode,
+ IoDriverObjectType,
+ &ObjectAttributes,
+ KernelMode,
+ NULL,
+ ObjectSize,
+ 0,
+ 0,
+ (PVOID*)&DriverObject);
+
+ /* Return on failure */
+ if (!NT_SUCCESS(Status)) return Status;
+
+ /* Set up the Object */
+ RtlZeroMemory(DriverObject, ObjectSize);
+ DriverObject->Type = IO_TYPE_DRIVER;
+ DriverObject->Size = sizeof(DRIVER_OBJECT);
+ DriverObject->Flags = DRVO_BUILTIN_DRIVER;
+ DriverObject->DriverExtension = (PDRIVER_EXTENSION)(DriverObject + 1);
+ DriverObject->DriverExtension->DriverObject = DriverObject;
+ DriverObject->DriverInit = InitializationFunction;
+
+ /* Invalidate all Major Functions */
+ for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
+ {
+ DriverObject->MajorFunction[i] = IopInvalidDeviceRequest;
+ }
+
+ /* Set up the Service Key Name */
+ ServiceKeyName.Buffer = ExAllocatePool(PagedPool, LocalDriverName.Length + sizeof(WCHAR));
+ ServiceKeyName.Length = LocalDriverName.Length;
+ ServiceKeyName.MaximumLength = LocalDriverName.MaximumLength;
+ RtlMoveMemory(ServiceKeyName.Buffer, LocalDriverName.Buffer, LocalDriverName.Length);
+ ServiceKeyName.Buffer[ServiceKeyName.Length / sizeof(WCHAR)] = L'\0';
+ DriverObject->DriverExtension->ServiceKeyName = ServiceKeyName;
+
+ /* Also store it in the Driver Object. This is a bit of a hack. */
+ RtlMoveMemory(&DriverObject->DriverName, &ServiceKeyName, sizeof(UNICODE_STRING));
+
+ /* Add the Object and get its handle */
+ Status = ObInsertObject(DriverObject,
+ NULL,
+ FILE_READ_DATA,
+ 0,
+ NULL,
+ &hDriver);
+
+ /* Return on Failure */
+ if (!NT_SUCCESS(Status)) return Status;
+
+ /* Now reference it */
+ Status = ObReferenceObjectByHandle(hDriver,
+ 0,
+ IoDriverObjectType,
+ KernelMode,
+ (PVOID*)&DriverObject,
+ NULL);
+ ZwClose(hDriver);
+
+ /* Finally, call its init function */
+ Status = (*InitializationFunction)(DriverObject, NULL);
+
+ if (!NT_SUCCESS(Status)) {
+ /* If it didn't work, then kill the object */
+ ObMakeTemporaryObject(DriverObject);
+ ObDereferenceObject(DriverObject);
+ }
+
+ /* Return the Status */
+ return Status;
+}
+
+/*
+ * @implemented
+ */
+VOID
+STDCALL
+IoDeleteDriver (
+ IN PDRIVER_OBJECT DriverObject
+ )
+{
+ /* Simply derefence the Object */
+ ObDereferenceObject(DriverObject);
+}
+
+